The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admin_init, allowing unauthenticated users to perform SQL injections
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/8ea46b9a-5239-476b-949d-49546371eac1 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-11-20T18:55:06.152Z
Updated: 2023-11-20T18:55:06.152Z
Reserved: 2023-10-19T09:03:10.343Z
Link: CVE-2023-5652
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-11-20T19:15:10.027
Modified: 2023-11-27T16:30:00.860
Link: CVE-2023-5652
JSON object: View
Redhat Information
No data.
CWE